
The dangers of buying so-called clones, cheap imitations of brand name smartphones, are relatively well known. From the lack of warranty, to the shoddy build and abysmal performance, buying a “replica” ends, in most cases, in regret.

But there’s a more insidious danger that bargain hunters expose themselves to when buying a cheap no-name device – the risk of getting a phone that is infected with malware out of the box.

Researchers at German security company G Data claim they found the first case of a smartphone shipping with pre-installed malware. The device is the Star N9500, a Galaxy S4 lookalike that’s available throughout Europe on Amazon and other retailers for prices ranging from €130 to €165 ($175 to $225).

According to its listing on, the Star N9500 comes with a 5-inch 1280 x 720 display, 1GB of RAM, and an MTK6589 processor. Aside from the fact that you can get a vastly superior Moto G for the same price, the N9500 packs a nasty piece of malware known as Android.Trojan.Uupay.D, disguised to look like Google Play Store’s process.


According to G Data, the malware can “retrieve personal data, intercept calls and online banking data, read emails and text messages or control the camera and microphone remotely.” The trojan, which sends data to a server in China, cannot be uninstalled because it’s part of the firmware. It also blocks the installation of security updates and deletes logs that may tip off users to its existence. The only sign that the malware is running on the phone is its process, which is modified to look like Google Play. Under these conditions, it’s very hard, if not impossible, for users to do anything about it.

Needless to say, having such a pervasive piece of malware running continuously in the background is a recipe for disaster. From sending texts to premium numbers, to stealing passwords and bank account numbers, such a trojan can thoroughly compromise your digital life.

If you bought a Star N9500 or a similar device, G Data claims its rather expensive security tool detects Uupay.D, though other antivirus apps may be able to detect it as well. Simply checking the running processes could help too – if you spot an always-on process with the Google Play icon and name followed by Chinese characters, you’ve found your culprit. With that said, it’s not clear what you can do after that, as removing the trojan requires root access.
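The name check described above can be scripted for triage across a device inventory. This is an added example, not code from G Data or from this article; the (package, label) input format, the trusted-package list and the `com.example.*` names are assumptions, and the sample inventory is constructed.

```python
import unicodedata

# Assumption: package names Google itself ships under "Google Play ..." labels.
# Extend for your fleet; a name match is triage only, not proof of authenticity.
TRUSTED_PACKAGES = {"com.android.vending", "com.google.android.gms"}
PLAY_PREFIX = "google play"
STORE_LABELS = {"google play", "google play store"}


def has_cjk(text):
    """True if any character is a CJK ideograph (Chinese characters included)."""
    return any(unicodedata.name(ch, "").startswith("CJK") for ch in text)


def normalise(label):
    """Fold full-width/compatibility forms and case so look-alikes compare equal."""
    return unicodedata.normalize("NFKC", label).casefold().strip()


def review_inventory(rows):
    """Return [(package, label, reason)] for untrusted apps posing as Google Play.

    rows: iterable of (package_name, display_label) pairs.
    """
    findings = []
    for package, label in rows:
        norm = normalise(label)
        if package in TRUSTED_PACKAGES or not norm.startswith(PLAY_PREFIX):
            continue
        if has_cjk(norm[len(PLAY_PREFIX):]):
            findings.append((package, label, "Google Play name followed by CJK characters"))
        elif norm in STORE_LABELS:
            findings.append((package, label, "Play Store label on an unexpected package"))
    return findings


# Constructed inventory; the com.example.* names are placeholders, not real IoCs.
SAMPLE = [
    ("com.android.vending", "Google Play Store"),
    ("com.google.android.gms", "Google Play services"),
    ("com.example.placeholder.a", "Google Play 商店"),
    ("com.example.placeholder.b", "Ｇoogle Play Store"),  # full-width G
    ("com.example.notes", "Notes"),
]

if __name__ == "__main__":
    for package, label, reason in review_inventory(SAMPLE):
        print(f"{package}\t{label}\t{reason}")
```

A hit only narrows down which entry to inspect; confirming that an app is genuine requires checking its signing certificate, which this sketch does not do.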

There you have it – another reason to avoid clones at all costs. The best defense is to simply steer clear of the Star N9500 and devices like it. With cheap brand phones like the Moto E, Moto G, Asus Zenfones, and the Nokia X coming to market, there’s little reason to go for lookalikes of uncertain provenance.
